How normal is this?

[user1492538376]

I work for a company which regularly sends fake spam emails internally to check who clicks on the links. They do this a lot and then those who click then have to meet with IT - presumably to be told not to do it again. There is a lot if cyber attacks now which I completely get. However I am sure most of the time people who click just don’t read emails properly and everyone makes mistakes. FWIW I never click on links now unless I am certain of the sender.

Yes, phishing tests are entirely normal.
The whole point is that people do it ‘by mistake’ when they’re in a hurry or distracted, and the consequences of clicking a malicious link can be absolutely catastrophic.

Do you work in the NHS? They do this.

Local Authority- we get them.

Normal and get better and better and more difficult to spot.

My work does this.

I think the point is you learn from your mistakes, and better to learn when it’s an internal test rather than an actual phishing incident.

The lesson is supposed to be that you start reading emails once you’ve realised you’re prone to not reading them properly and maybe getting caught out.

They're teaching employees not to click on the links. Most infiltration of company IT systems is due to human weakness/error.

If you can't understand this, it seems like you are someone who would click on the links.

Errr yes several training thanks for asking. As I said I havent personally clicked on links - but it seems OTT to then have meetings with IT about it.

Yeah we have this too. If you click on the link in a ‘test’ email, you have to do a short on-line security training course.

I got caught out with the first email. When I received another one that didn’t seem to be the usual work email, I called the IT dept. They confirmed it was one of their test emails and said they are fighting off millions of cyber attacks every day.

If our systems were compromised by an attack , things would be very bad indeed for us (thousands of employees) and for our customers (and they’d have nowhere else to go).

Lots of my legitimate emails operate by me clicking on links - signing via Docusign, joining teams/zoom calls and approving client ID docs are two that spring to mind. But there are clear indicators for when they are legitimate or not and so it’s not that difficult to be savvy about what links you click.

Regulatory reasons. They need to demonstrate by law they have a process to make sure employees are regularly tested and there are repercussions if they fail. It’s normal.

It's OTT to try and protect company systems?! Have you noticed what happend to M&S, the CoOp, Jaguar?

You seem like exactly the person who needs this training.

I work in the civil service and they do this. You just have some extra cyber security training if you click the link. Seems fair to me. You seem to be assuming that this meeting with IT is ''OTT" without knowing what it actually involves? Maybe it's just a bit of one on one training?

I also find it odd that you are using 'people make mistakes and don't read emails properly' as an argument AGAINST being called in to see IT. Surely this is the argument FOR it?!

I work in cybersecurity and I can totally see why they have done this because so many people really do not give a shit, and a half hour meeting with IT to really make it stick in people's heads is a great price to pay to avoid a cyber attack, to be honest! A startling % of attacks begin with a phishing email or an employee being careless with their credentials. Its 100% worth being OTT about, considering the consequences if an attacker is successful.

My old job used to do this. It teaches people to be cautious and it’s just extra training unless it’s a repeat occurrence. I think a lot of companies would rather get rid of a careless employee than to have sensitive data leaked.

Totally normal where I work. If we had a ransomware attack it would be catastrophic and phishing scams are ever more sophisticated so it’s well worthwhile training people to spot them. My employer’s been doing this for the whole nine years I’ve worked there.

Exactly this. The whole point is to stop people making those mistakes and make them pay more attention.

One company I worked for did this. If you opened the message / attachment / clicked a link then you be made to do a Cyber Security course (or refresher).
They really made them look exactly like in internal emails so it could be tricky, especially when busy…

We've gone way beyond that. It's now about hackers (who have paid other hackers to breach the system, via the kind of employees that the OP is upset about being taught cyber security 🙄) gaining access to company systems and holding them to ransom.

Anyone else have to watch “The Inside Man” for IT training?

Unless IT are torturing the hapless email link clickers I don't see why its OTT to have a meeting with them. Its just a way for IT to explain the importance of stopping to think and the signs to look out for.

Oh yes we did have that - wasn't compulsory though - just promoted. Didn't it end with a second inside person - wonder if there is a second season coming?

from a security point of view that is omg, because some malware when clicked on can lock all the companies systems etc and the company is held to ransom etc so overall yes they need retraining

if any one wants a good film on why its not good practice to click on links watch the 1995 film hackers with angie jolie and jonny lee miller

Or just read the news reports from this year!